Identity Theft News

eWeek.com found to be hosting malicious ads

Tuesday, February 24, 2009

The online version of a business computing magazine was found to be serving malicious advertisements (malvertisements) to users who visited the site's homepage.

This afternoon, a security organization issued an alert about eWeek.com and a malvertisement hosted on the DoubleClick advertising network, which performs a redirect to a malicious website through a series of iframes.

The redirect does one of two things: serves a PDF document containing exploit code or the file index.php redirects to the rogue ad-server.

Users who visit eWeek.com's homepage reportedly do not have to interact with advertisement for a file named winratit.exe to be installed onto the user's temporary files folder. Two additional files are also dropped onto the user's machine.

If a user attempts to fix their infected machine by visiting popular software download sites, the user is instead directed to a malicious website offering rogue AV downloads.

The name of the AV download associated with this cyberattack is reportedly Anti-Virus-1. Once the program is registered, it makes a connection with the malicious site to collect payment details from the user as a form of identity theft.

eWeek.com is reportedly working on fixing the problem.ADNFCR-1765-ID-19043468-ADNFCR

Related News:

Threat of identity theft shows need for online security - 11.19.2009
As Americans live increasingly large portions of their lives on the internet, the possibilities and incentives for remote identity theft increase as well. A report in the New York Times advises caution, and gives tips for constructing an "online bulwark" to prevent theft and fraud.

Wi-Fi network security vulnerable to man-in-the-middle attacks on smart phones - 11.16.2009
Researchers last week revealed a weakness in mobile network security that could allow for so-called "man-in-the-middle" techniques to steal personal information from users of certain types of mobile phones.

FDIC warns banks of money transfer 'mules' duped by cybercriminals - 11.2.2009
In a new warning to banks about illicit electronic fund transfers, the Federal Deposit Insurance Corporation (FDIC) said last week that online bank account theft is rising using "money mules," unwitting job-seekers who are duped by cyber crooks into wiring funds from hacked bank accounts.

Obama addresses cybersecurity awareness in YouTube video - 10.21.2009
Online cyber attacks and identity theft have never been higher, a threat environment that challenges U.S. security every day. President Obama has designated October as National Cybersecurity Awareness Month, which he addressed in a web video last week.

Facebook application security hole exposes millions to hacking, researcher says - 10.19.2009
A security researcher is warning Facebook users about potential vulnerabilities in Facebook applications that could allow cross-site scripting (XSS) hacker attacks for hijacking user accounts.
View Related Resources
Or
Watch an Online Demo
Or
Have us call you now